A client has an existing router to which I need to add ZBF. The design guide below talks about the overall configuration of ZBF. But because this router is so actively used - I can't rough it in. Need to get the downtime down to about a minute.
So - to minimize outage would the order be:
1) Add classmaps,
2) Add policy maps
3) Add zones.
4) Add zone-pairs.
5) Assign interfaces to zones. ??
To "deactivate ZBF" if it doesn't go well...is the fastest way to remove all interfaces from zone membership?
Your plan looks good to me. If possible, I would recommend both writing and testing the configuration on a non-production router first. This way, you can work out any quirks in your config and make sure everything works as expected. Once this is done, you can copy the configuration into a text editor and simply paste it into the production router during a brief maintenance window.
Also, you are correct in that the fastest way to "deactivate" ZBFW is to simply remove the interfaces' zone membership.
Hope that helps.